Erlang : Security Vulnerabilities, CVEs, CVSS score >= 9
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Max CVSS: 9.8 | EPSS Score: 0.19% | Published: 2022-09-21 | Updated: 2023-07-11
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
Max CVSS: 10.0 | EPSS Score: 47.62% | Published: 2020-09-02 | Updated: 2021-07-21
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
Max CVSS: 9.8 | EPSS Score: 0.25% | Published: 2017-03-18 | Updated: 2018-07-11
3 vulnerabilities found